posting by e-mail disabled until a solution is devised that isn't a security risk.

There are days that I’m lazy, and just don’t want to open up the web interface to post by e-mail.
There’s also one author that posts regularly by e-mail. Why? Because it’s easiest for them.
Well, as of now, that feature has been disabled.
The reason?
In a nutshell, the plugin’s a security risk and avoids all the security features WordPress has built in to prevent database corruption, among other things.
The article I’m basing this decision on is over here and is quoted below.

Product Review: POSTIE for WordPress
For the WordPress bloggers there aren’t many choices to post to your blog via email. POSTIE is the biggest or most well-known plugin to allow users to send emails to themselves and have them turned into WordPress posts automatically. It really is a neat idea and a good feature to have.
The lack of documentation for POSTIE is absurd. The author of the module/widget didn’t take the time to document how to get it to work the way it is supposed to. It also doesn’t contain any examples of the email formatting required for a successful email to post conversion. After a few hours of trying to get the TAG function to work (the ability to add tags to the post) I tried consulting other web sites to see if they could figure it out and to my surprise, there wasn’t anyone who could get it to work consistently.
POSTIE allows you to add titles, tags and categories to the post but it never shows you how to do it. It appears the tags have to appear in a very specific order or they won’t be read at all. However, after trying to use the TAGS function at the top and at the bottom neither showed more or less successful than the other. Sometimes it worked, most times it didn’t. The other functions appeared to work okay. TAGS does not work so if that is important for you, you will need to use an alternative for POSTIE.
After successfully posting a few dozen test posts to Ask-A-Geek (minus TAGS, of course) I decided to look closer at the formatting of the posts and make sure everything looked how it was supposed to. After looking at every one of my posts I noticed a bug so large that it means one of two things. The author of POSTIE is an incompetent programmer, or worse, a lazy one. Any time an apostrophe ‘ is found in the email or post, it gets removed completely and replaced with a spacebar key. That means everyone who likes to use contractions (can’t, won’t, shouldn’t, her’s) had messed up formatting and really screwed up words.
For example:
The hen’s house had no roof!
Turned into:
The hen s house had no roof!
There is no fix for this bug. If you can type everything without contractions then this doesn’t mean much for you, but for everyone else you will regret installing and using POSTIE.
The last thing I wanted to mention was how POSTIE actually posts to WordPress. After looking through the code to see why the apostrophes weren’t working I noticed that the plugin works with the database directly. For most widgets or plugins for WordPress this wouldn’t be much of a problem. However when you’re dealing with actual posts then you’re opening a world of security problems. WordPress has a lot of built-in security filters to make sure the data is clean when it is submitted into the database. POSTIE avoids these filters and checkers completely and posts anything you want straight to the database. What’s so bad about that? If someone figured out what email address you need to submit to AND what email address you need to submit from (it is easy to mask the FROM email address to make it look like it came from you when it really didn’t), they could inject MySQL code into the database and modify or delete everything you have.
In short, POSTIE is bug prone and does not post emails to WordPress in any functional manner. Even if the bugs get fixed someday it’s hard to trust a developer who releases untested and undocumented products. From a security standpoint you risk losing all the data stored in WordPress if you use the POSTIE plugin. I recommend finding another alternative before it’s too late.

So now, it’s time to find another solution.
We also thank james for tracking that down, as well.
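
The quoted review raises two points about quote characters in e-mail text: apostrophes being replaced with spaces, and post text reaching the database without WordPress's filters. The example below is added here (it is not POSTIE's code and not part of the quoted article); it uses Python and an in-memory SQLite table as stand-ins for the plugin and MySQL, with hypothetical function names, to compare a concatenated INSERT, apostrophe stripping, and a bound parameter on the review's sample sentence.

```python
import sqlite3

# Constructed sample: the sentence the quoted review uses for the apostrophe bug.
BODY = "The hen's house had no roof!"

def new_db():
    """In-memory SQLite table standing in for a blog's posts table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def insert_concatenated(db, body):
    """Weak pattern: e-mail text is pasted into the SQL statement itself."""
    db.execute("INSERT INTO posts (body) VALUES ('" + body + "')")

def insert_stripped(db, body):
    """Apostrophes swapped for spaces, then concatenated: the text is mangled."""
    insert_concatenated(db, body.replace("'", " "))

def insert_bound(db, body):
    """Corrected pattern: the text travels as a bound parameter, never as SQL."""
    db.execute("INSERT INTO posts (body) VALUES (?)", (body,))

def stored_body(insert, body=BODY):
    """Run one insert strategy; return the stored text, or None if the statement broke."""
    db = new_db()
    try:
        insert(db, body)
    except sqlite3.Error:
        return None  # the apostrophe closed the string literal early
    return db.execute("SELECT body FROM posts").fetchone()[0]

def results():
    """Stored result for each strategy, keyed by function name."""
    strategies = (insert_concatenated, insert_stripped, insert_bound)
    return {f.__name__: stored_body(f) for f in strategies}

if __name__ == "__main__":
    for name, value in results().items():
        print(f"{name:22} -> {value!r}")
```

Only the bound-parameter insert stores the sentence unchanged. The concatenated insert fails because the apostrophe ends the string literal, and the stripped insert reproduces the "hen s" result from the review.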

1 thought on “posting by e-mail disabled until a solution is devised that isn't a security risk.”

  1. Oops? Looks like I’m gonna have to learn how to post proper after all. Well? had to do it someday! Now I gotta wonder, will my computer be a good bitch and let me do it? LOL
